UNIX and Linux Security

UNIX, Linux, and other similar operating systems are gaining in popularity and market share. UNIX is still a
dominant player in the server arena.

UNIX, Linux, FreeBSD, AIX, and so on (all referred to as UNIX in
this tutorial) have great potential for both being very secure
and being exploited. Some of the same features that make
UNIX a good target for security attacks make it powerful enough to be operated safely.

UNIX as a target

There is an ongoing debate among system administrators as
to whether Windows or UNIX is the more vulnerable operating
system. This debate often degrades to a mere count of vulnerabilities
applicable to one side or the other. In any case, it is
useful to start with an examination of why UNIX and Linux
might be a target of security attacks. The following lists the
four main reasons that UNIX is a target:

Linux (and many of the other UNIX implementations) is open source.

UNIX installations are easy to obtain, both in terms of being inexpensive (often free) and readily distributed.

Most hacking tools are available for UNIX.

UNIX is a good environment to exchange hacks and code.

Open source

Open source means products made available along with the source code needed to
rebuild or recompile the products. Open source does not mean free of cost or
licenses, although it is in many cases.

Many people view open source as a major security threat. In fact, this has not
turned out to be the case. While it is true that a hacker can get a head start on finding
security issues by examining the code, this concern is certainly overrated,
because of the extremely long hours that would be required to walk through the
thousands of lines of code. However, once a flaw is identified, the source code can
be very useful to the hacker in developing an exploit.

Ironically, over time, the ultimate effect of having code open to all may be that the
code is better and more secure. Problems tend to be quickly fixed and thoroughly
vetted. This is discussed in more detail in the section "Open Source Issues" later in this tutorial.

Easy-to-obtain operating system

That Linux is low cost and freely distributed on the Internet makes it a popular
operating system for experimentation. Many public forums exist in which novices
can get help and support for their Linux implementation. Even solutions for complicated
and obscure problems can be found with a minimal amount of searching on
the Internet. If it is a popular operating system to use, it can be expected to be popular for hacking as well.